Closed code423n4 closed 2 years ago
Issue here incorrectly assumes that the owner is a centralized authority. SKALE Chain owners may be a DAO, multisig, or single owner - the IMA bridge is agnostic to, and cannot control, the governance structure adopted in each SKALE Chain. The responsibility and process conducted after kill is executed rests on the Owner and whatever governance structure is adopted.
Dup of #76
Lines of code
https://github.com/skalenetwork/ima-c4-audit/blob/11d6a6ae5bf16af552edd75183791375e501915f/contracts/mainnet/DepositBoxes/DepositBoxERC20.sol#L196
Vulnerability details
Impact
After a schain is killed by both the owner and the IMA admin, the schain admin can control all the funds using e.g. DepositBoxERC20.getFunds functions. This poses a significant centralization risk after the schain is killed.
Proof of Concept
https://github.com/skalenetwork/ima-c4-audit/blob/11d6a6ae5bf16af552edd75183791375e501915f/contracts/mainnet/DepositBoxes/DepositBoxERC20.sol#L196
Recommended Mitigation Steps
Require both the owner and IMA admin on the fund distribution process.
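
The recommended mitigation above, sketched as an added Solidity example that is not code from the IMA repository or from the report: a withdrawal after kill needs a proposal from the schain owner and a separate approval from the IMA admin. The contract, its functions, the fixed role addresses and the two-call kill flow are all hypothetical assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical sketch: none of these names are the IMA contracts' API.
interface IERC20Minimal {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract DualApprovalWithdrawal {
    address public immutable schainOwner; // assumption: fixed at deployment
    address public immutable imaAdmin;    // assumption: fixed at deployment
    bool public ownerKilled;
    bool public adminKilled;

    struct Proposal { address token; address receiver; uint256 amount; bool executed; }
    Proposal[] public proposals;

    event Proposed(uint256 indexed id, address token, address receiver, uint256 amount);
    event Executed(uint256 indexed id);

    constructor(address owner_, address admin_) {
        require(owner_ != address(0) && admin_ != address(0) && owner_ != admin_, "bad roles");
        schainOwner = owner_;
        imaAdmin = admin_;
    }

    // Kill takes effect only after both parties have called it.
    function kill() external {
        if (msg.sender == schainOwner) ownerKilled = true;
        else if (msg.sender == imaAdmin) adminKilled = true;
        else revert("not authorized");
    }

    function killed() public view returns (bool) { return ownerKilled && adminKilled; }

    // Step 1: the schain owner can only propose a distribution.
    function proposeWithdrawal(address token, address receiver, uint256 amount) external returns (uint256 id) {
        require(msg.sender == schainOwner, "only schain owner");
        require(killed(), "schain not killed");
        require(receiver != address(0), "zero receiver");
        proposals.push(Proposal(token, receiver, amount, false));
        id = proposals.length - 1;
        emit Proposed(id, token, receiver, amount);
    }

    // Step 2: funds move only when the IMA admin approves that exact proposal.
    function approveAndExecute(uint256 id) external {
        require(msg.sender == imaAdmin, "only IMA admin");
        Proposal storage p = proposals[id];
        require(!p.executed, "already executed");
        p.executed = true; // state change before the external call
        require(IERC20Minimal(p.token).transfer(p.receiver, p.amount), "transfer failed");
        emit Executed(id);
    }
}
```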